Techniques to manage applications, such as mobile apps, across multiple management domains are disclosed. In various embodiments, a set of one or more application management policies to be enforced with respect to a mobile device is received from a management entity to which a scope of authority to manage applications with respect to the mobile device has been delegated. A management agent on the mobile device is used to enforce the one or more application management policies with respect to applications and application data that are within the scope of authority delegated to the management entity.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A system, comprising: a processor configured to: receive from a first management domain at a mobile device, an indication to remove an application installed on the mobile device, wherein the mobile device is configured to store data of the application that is associated with the first management domain; and in response to receiving the indication to remove the application installed on the mobile device: determine whether the application is associated with a plurality of management domains; and in response to a determination that the application is associated with the plurality of management domains, secure on the mobile device the data of the application that is associated with the first management domain instead of removing the application from the mobile device, wherein the data of the application that is associated with the first management domain is secured as stored on the mobile device at least in part by encrypting the data of the application that is associated with the first management domain, encrypting the data of the application that is associated with the first management domain with a key removed from the mobile device, or encrypting the data of the application that is associated with the first management domain with a key discarded; and a memory coupled to the processor and configured to provide the processor with instructions.
2. The system of claim 1 , wherein a policy associated with the first management domain indicates that the application should be removed.
3. The system of claim 1 , wherein the processor is further configured to: in response to a determination that the application is not associated with the plurality of management domains, remove from the mobile device the application and the data of the application that is associated with the first management domain.
4. The system of claim 1 , wherein the processor is further configured to return a result indicating that the application could not be removed and that the data of the application that is associated with the first management domain has been removed or secured.
5. The system of claim 4 , wherein information included in the result is filtered to limit access to data owned by the first management domain.
6. The system of claim 5 , wherein the information included in the result is filtered based on an information disclosure policy.
7. The system of claim 1 , wherein the first management domain's application lifecycle indicates that the application should be removed.
8. The system of claim 7 , wherein a mobile device management component is configured to provide the indication to the first management domain when the first management domain's application lifecycle is limited.
9. The system of claim 1 , wherein the indication is received from a device management server associated with the first management domain.
10. The system of claim 1 , wherein the processor is further configured to receive a definition of each of the plurality of management domains from a corresponding management entity.
11. The system of claim 10 , wherein each of the plurality of management domains has a corresponding scope of management authority with respect to the system.
12. The system of claim 10 , wherein the definition includes conflict resolution and/or precedence rules.
13. A method, comprising: receiving from a first management domain at a mobile device an indication to remove an application installed on the mobile device, wherein the mobile device stores data of the application that is associated with the first management domain; and in response to receiving the indication to remove the application installed on the mobile device: determining whether the application is associated with a plurality of management domains; and in response to determining that the application is associated with the plurality of management domains, securing on the mobile device the data of the application that is associated with the first management domain instead of removing the application from the mobile device, wherein the data of the application that is associated with the first management domain is secured as stored on the mobile device at least in part by encrypting the data of the application that is associated with the first management domain, encrypting the data of the application that is associated with the first management domain with a key removed from the mobile device, or encrypting the data of the application that is associated with the first management domain with a key discarded.
14. The method of claim 13 , further comprising returning a result indicating that the application could not be removed and that the data of the application that is associated with the first management domain has been removed or secured.
15. The method of claim 13 , wherein the first management domain's application lifecycle indicates that the application should be removed.
16. The method of claim 13 , wherein the indication is received from a device management server associated with the first management domain.
17. A computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: receiving from a first management domain at a mobile device an indication to remove an application installed on the mobile device, wherein the mobile device stores data of the application that is associated with the first management domain; and in response to receiving the indication to remove the application installed on the mobile device: determining whether the application is associated with a plurality of management domains; and in response to determining that the application is associated with the plurality of management domains, securing on the mobile device the data of the application that is associated with the first management domain instead of removing the application from the mobile device, wherein the data of the application that is associated with the first management domain is secured as stored on the mobile device at least in part by encrypting the data of the application that is associated with the first management domain, encrypting the data of the application that is associated with the first management domain with a key removed from the mobile device, or encrypting the data of the application that is associated with the first management domain with a key discarded.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
March 26, 2018
July 14, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.